JP2023519483A - Dynamic firewall discovery on a service plane in a SDWAN architecture - Google Patents
Dynamic firewall discovery on a service plane in a SDWAN architecture
- Publication number
- JP2023519483A (application number JP2022547760A)
- Authority
- JP
- Japan
- Prior art keywords
- data packet
- source
- site
- destination
- source data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/18—Automatic repetition systems, e.g. Van Duuren systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/54—Organization of routing tables
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/801,430 US11418491B2 (en) | 2020-02-26 | 2020-02-26 | Dynamic firewall discovery on a service plane in a SDWAN architecture |
US16/801,430 | 2020-02-26 | ||
PCT/US2021/017522 WO2021173355A1 (en) | 2020-02-26 | 2021-02-11 | Dynamic firewall discovery on a service plane in a sdwan architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
JP2023519483A (ja) | 2023-05-11 |
Family
ID=74860430
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022547760A Pending JP2023519483A (ja) | 2020-02-26 | 2021-02-11 | Dynamic firewall discovery on a service plane in a SDWAN architecture |
Country Status (8)
Country | Link |
---|---|
US (2) | US11418491B2 (ko) |
EP (1) | EP4111664A1 (ko) |
JP (1) | JP2023519483A (ko) |
KR (1) | KR20220142523A (ko) |
CN (1) | CN115152182B (ko) |
AU (1) | AU2021228566A1 (ko) |
CA (1) | CA3168071A1 (ko) |
WO (1) | WO2021173355A1 (ko) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20240179125A1 (en) * | 2022-11-30 | 2024-05-30 | Cisco Technology, Inc. | Service optimization in networks and cloud interconnects |
KR20240086508A (ko) | 2022-12-09 | 2024-06-18 | 광운대학교 산학협력단 | Apparatus and method for generating control plane structure information of SD-WAN through analysis of encrypted control traffic |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013016044A (ja) * | 2011-07-04 | 2013-01-24 | Fujitsu Ltd | Firewall device and method for controlling firewall device |
US20160344715A1 (en) * | 2015-05-18 | 2016-11-24 | 128 Technology, Inc. | Network Device and Method for Processing a Session Using a Packet Signature |
JP2021057717A (ja) * | 2019-09-30 | 2021-04-08 | サクサ株式会社 | Security monitoring device and security monitoring method |
Family Cites Families (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5898830A (en) | 1996-10-17 | 1999-04-27 | Network Engineering Software | Firewall providing enhanced network security and user transparency |
US6658565B1 (en) * | 1998-06-01 | 2003-12-02 | Sun Microsystems, Inc. | Distributed filtering and monitoring system for a computer internetwork |
US7644436B2 (en) | 2002-01-24 | 2010-01-05 | Arxceo Corporation | Intelligent firewall |
US7055207B2 (en) | 2003-08-08 | 2006-06-06 | Trico Products Corporation | Universal wiper adapter and wiper blade assembly incorporating same |
CA2534919C (en) * | 2003-08-08 | 2011-04-05 | T.T.T. Kabushikikaisha | Transport layer encryption for extra-security ip networks |
US20050240989A1 (en) * | 2004-04-23 | 2005-10-27 | Seoul National University Industry Foundation | Method of sharing state between stateful inspection firewalls on mep network |
KR20070087198A (ko) * | 2004-12-21 | 2007-08-27 | 미슬토우 테크놀로지즈, 인코포레이티드 | Network interface and firewall device |
US8665868B2 (en) | 2005-08-19 | 2014-03-04 | Cpacket Networks, Inc. | Apparatus and method for enhancing forwarding and classification of network traffic with prioritized matching and categorization |
US8776207B2 (en) | 2011-02-16 | 2014-07-08 | Fortinet, Inc. | Load balancing in a network with session information |
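CN102571786A (zh) * | 2011-12-30 | 2012-07-11 | 深信服网络科技(深圳)有限公司 | Method for coordinated defense among multiple security modules in a firewall, and firewall |
CN102790773A (zh) * | 2012-07-30 | 2012-11-21 | 深圳市共进电子股份有限公司 | Method for implementing a firewall for a home gateway |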
US9635039B1 (en) * | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9009461B2 (en) * | 2013-08-14 | 2015-04-14 | Iboss, Inc. | Selectively performing man in the middle decryption |
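TW201600997A (zh) * | 2014-06-30 | 2016-01-01 | 萬國商業機器公司 | Method, information appliance and computer program product for dynamically generating a packet inspection policy for a policy enforcement point in a centralized management environment |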
WO2017066644A1 (en) | 2015-10-16 | 2017-04-20 | ORock Holdings, LLC | System for providing end-to-end protection against network-based attacks |
CN105827623B (zh) * | 2016-04-26 | 2019-06-07 | 山石网科通信技术股份有限公司 | Data center system |
US10958623B2 (en) * | 2017-05-26 | 2021-03-23 | Futurewei Technologies, Inc. | Identity and metadata based firewalls in identity enabled networks |
US10931637B2 (en) * | 2017-09-15 | 2021-02-23 | Palo Alto Networks, Inc. | Outbound/inbound lateral traffic punting based on process risk |
CN107888621A (zh) * | 2017-12-14 | 2018-04-06 | 新华三技术有限公司 | Firewall management method and apparatus, and firewall stacking system |
WO2019241404A1 (en) * | 2018-06-15 | 2019-12-19 | Orock Technologies, Inc. | Secure on-premise to cloud communication |
-
2020
- 2020-02-26 US US16/801,430 patent/US11418491B2/en active Active
-
2021
- 2021-02-11 CA CA3168071A patent/CA3168071A1/en active Pending
- 2021-02-11 AU AU2021228566A patent/AU2021228566A1/en active Pending
- 2021-02-11 CN CN202180016593.9A patent/CN115152182B/zh active Active
- 2021-02-11 WO PCT/US2021/017522 patent/WO2021173355A1/en unknown
- 2021-02-11 JP JP2022547760A patent/JP2023519483A/ja active Pending
- 2021-02-11 EP EP21710688.9A patent/EP4111664A1/en active Pending
- 2021-02-11 KR KR1020227032716A patent/KR20220142523A/ko not_active Application Discontinuation
-
2022
- 2022-08-04 US US17/817,479 patent/US20220377053A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
CN115152182B (zh) | 2024-07-05 |
AU2021228566A1 (en) | 2022-10-27 |
CA3168071A1 (en) | 2021-09-02 |
US11418491B2 (en) | 2022-08-16 |
CN115152182A (zh) | 2022-10-04 |
WO2021173355A1 (en) | 2021-09-02 |
KR20220142523A (ko) | 2022-10-21 |
EP4111664A1 (en) | 2023-01-04 |
US20210266291A1 (en) | 2021-08-26 |
US20220377053A1 (en) | 2022-11-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10419394B2 (en) | Providing scalable cloud-based security services | |
US10608995B2 (en) | Optimizing data transfer costs for cloud-based security services | |
US20220377053A1 (en) | Dynamic Firewall Discovery on a Service Plane in a SDWAN Architecture | |
US20180115586A1 (en) | Seamless Service Updates for Cloud-Based Security Services | |
US10375022B2 (en) | Cooperated approach to network packet filtering | |
US9276875B2 (en) | Cooperated approach to network packet filtering | |
JP2022079638A (ja) | Virtual network verification service | |
CN114080784B (zh) | System and method for routing network traffic using labels | |
US20130133032A1 (en) | System and Method for Capturing Network Traffic | |
JP7496414B2 (ja) | Group-based policies for inter-domain traffic | |
US8458344B2 (en) | Establishing tunnels between selective endpoint devices along communication paths | |
CN114051714B (zh) | System and method for generating contextual labels | |
US10021217B2 (en) | Protocol independent way to selectively restrict write-access for redirected USB mass storage devices | |
EP4455912A1 (en) | Secure network access from sandboxed applications | |
US20180376329A1 (en) | Encryption system and method | |
US10673816B1 (en) | Low delay network intrusion prevention | |
US20090285207A1 (en) | System and method for routing packets using tags | |
US11582208B1 (en) | Detecting domain fronting through correlated connections | |
US11563753B2 (en) | Security surveillance system and security surveillance method | |
JP6273077B1 (ja) | Federated application services | |
CN113726917B (zh) | Domain name determination method and apparatus, and electronic device | |
US12132660B2 (en) | Systems and methods for handling asymmetric SDWAN traffic flows | |
US11716305B2 (en) | Control embedded data packet for efficient ARP query in SDA environment | |
US20170060795A1 (en) | System and methods to support vendor defined usb requests for application managed usb devices in vdi environments |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20220927 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20230926 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20231003 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20231226 |
|
A02 | Decision of refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20240117 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20240515 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A821 Effective date: 20240517 |
|
A911 | Transfer to examiner for re-examination before appeal (zenchi) |
Free format text: JAPANESE INTERMEDIATE CODE: A911 Effective date: 20240605 |
|
A912 | Re-examination (zenchi) completed and case transferred to appeal board |
Free format text: JAPANESE INTERMEDIATE CODE: A912 Effective date: 20240712 |